1 files changed, 52 insertions, 0 deletions

diff --git a/dns/bind99/files/patch-CVE-2015-1349 b/dns/bind99/files/patch-CVE-2015-1349
new file mode 100644
index 000000000000..0f7794bc3a04
--- /dev/null
+++ b/dns/bind99/files/patch-CVE-2015-1349
@@ -0,0 +1,52 @@
+commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
+Author: Evan Hunt <each@isc.org>
+Date:   Tue Feb 3 18:30:38 2015 -0800
+
+    [v9_9_6_patch] avoid crash due to managed-key rollover
+    
+    4053.	[security]	Revoking a managed trust anchor and supplying
+    			an untrusted replacement could cause named
+    			to crash with an assertion failure.
+    			(CVE-2015-1349) [RT #38344]
+
+diff --git a/CHANGES b/CHANGES
+index e8d75ea..b45be6d 100644
+--- CHANGES
++++ CHANGES
+@@ -1,3 +1,10 @@
++	--- 9.9.6-P2 released ---
++
++4053.	[security]	Revoking a managed trust anchor and supplying
++			an untrusted replacement could cause named
++			to crash with an assertion failure.
++			(CVE-2015-1349) [RT #38344]
++
+ 	--- 9.9.6-P1 released ---
+ 
+ 4006.	[security]	A flaw in delegation handling could be exploited
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index 7a9825b..5db2844 100644
+--- lib/dns/zone.c
++++ lib/dns/zone.c
+@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ 					     namebuf, tag);
+ 				trustkey = ISC_TRUE;
+ 			}
++		} else {
++			/*
++			 * No previously known key, and the key is not
++			 * secure, so skip it.
++			 */
++			continue;
+ 		}
+ 
+ 		/* Delete old version */
+@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ 			trust_key(zone, keyname, &dnskey, mctx);
+ 		}
+ 
+-		if (!deletekey) {
++		if (secure && !deletekey) {
+ 			INSIST(newkey || updatekey);
+ 			set_refreshkeytimer(zone, &keydata, now);
+ 		}